LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. This project gathers procedural examples from public reports …

vnc Crack 密码破解

复旦白泽大模型安全基准测试集（2024年夏季版）

Prompt越狱手册

Open Breach and Attack Simulation Platform

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automa…

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it sign…

你知道我要说什么

获取Exchange信息的小工具

Proxylogon & Proxyshell & Proxyoracle & Proxytoken & All exchange server history vulns summarization :)

Fast web fuzzer written in Go

基于rustdesk修改的远程桌面软件，将agent部分分离出来

Examples for using the Montoya API with Burp Suite

Java Js Engine Payloads All in one

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

🎭 SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive inf…

DecryptTools-综合解密

多功能 java agent 内存马

一款Spring综合漏洞的利用工具，工具支持多个Spring相关漏洞的检测以及利用

Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multies ways to exploit

Pillager是一个适用于后渗透期间的信息收集工具

Hikvision综合漏洞利用工具

Nacos漏洞综合利用GUI工具，集成了默认口令漏洞、SQL注入漏洞、身份认证绕过漏洞、反序列化漏洞的检测及其利用

NacosExploit 命令执行 内存马等利用

Java编写，Python作为辅助依赖的漏洞验证、利用工具，添加了进程查找模块、编码模块、命令模块、常见漏洞利用GUI模块、shiro rememberMe解密模块，加快测试效率

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。